fix: SSO in web

lib/pages/homeserver_picker/homeserver_picker.dart

@@ -5,10 +5,11 @@ import 'package:flutter/material.dart';
 
 import 'package:flutter_gen/gen_l10n/l10n.dart';
 import 'package:flutter_inappwebview/flutter_inappwebview.dart';
+import 'package:flutter_web_auth/flutter_web_auth.dart';
 import 'package:future_loading_dialog/future_loading_dialog.dart';
 import 'package:matrix/matrix.dart';
 import 'package:uni_links/uni_links.dart';
-import 'package:url_launcher/url_launcher.dart';
+import 'package:universal_html/html.dart' as html;
 import 'package:vrouter/vrouter.dart';
 
 import 'package:fluffychat/config/app_config.dart';
@@ -201,7 +202,7 @@ class HomeserverPickerController extends State<HomeserverPicker> {
 
   static const String ssoHomeserverKey = 'sso-homeserver';
 
-  void ssoLoginAction(String id) {
+  void ssoLoginAction(String id) async {
     if (kIsWeb) {
       // We store the homserver in the local storage instead of a redirect
       // parameter because of possible CSRF attacks.
@@ -209,16 +210,15 @@ class HomeserverPickerController extends State<HomeserverPicker> {
           Matrix.of(context).getLoginClient().homeserver.toString());
     }
     final redirectUrl = kIsWeb
-        ? AppConfig.webBaseUrl + '/#/'
+        ? html.window.origin! + '/web/auth.html'
         : AppConfig.appOpenUrlScheme.toLowerCase() + '://login';
     final url =
         '${Matrix.of(context).getLoginClient().homeserver?.toString()}/_matrix/client/r0/login/sso/redirect/${Uri.encodeComponent(id)}?redirectUrl=${Uri.encodeQueryComponent(redirectUrl)}';
-    if (PlatformInfos.isMobile) {
-      browser ??= ChromeSafariBrowser();
-      browser!.open(url: Uri.parse(url));
-    } else {
-      launch(redirectUrl);
-    }
+    final urlScheme = Uri.parse(redirectUrl).scheme;
+    final result = await FlutterWebAuth.authenticate(
+        url: url, callbackUrlScheme: urlScheme);
+    final token = Uri.parse(result).queryParameters['loginToken'];
+    if (token != null) _loginWithToken(token);
   }
 
   void signUpAction() => VRouter.of(context).to(

pubspec.lock

@@ -576,6 +576,13 @@ packages:
       url: "https://pub.dartlang.org"
     source: hosted
     version: "3.2.4"
+  flutter_web_auth:
+    dependency: "direct main"
+    description:
+      name: flutter_web_auth
+      url: "https://pub.dartlang.org"
+    source: hosted
+    version: "0.4.0"
   flutter_web_plugins:
     dependency: transitive
     description: flutter
@@ -1572,7 +1579,7 @@ packages:
       name: url_launcher_web
       url: "https://pub.dartlang.org"
     source: hosted
-    version: "2.0.6"
+    version: "2.0.8"
   url_launcher_windows:
     dependency: transitive
     description:
@@ -1757,4 +1764,4 @@ packages:
     version: "3.1.0"
 sdks:
   dart: ">=2.15.1 <3.0.0"
-  flutter: ">=2.8.0"
+  flutter: ">=2.10.0"

pubspec.yaml

@@ -42,6 +42,7 @@ dependencies:
   flutter_slidable: ^1.1.0
   flutter_svg: ^0.22.0
   flutter_typeahead: ^3.2.1
+  flutter_web_auth: ^0.4.0
   future_loading_dialog: ^0.2.2
   geolocator: ^7.6.2
   hive_flutter: ^1.1.0

web/auth.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<head>
+  <title>Authentication complete</title>
+</head>
+<body>
+  <p>Authentication is complete. If this does not happen automatically, please
+  close the window.
+  <script>
+    window.opener.postMessage({
+      'flutter-web-auth': window.location.href
+    }, window.location.origin);
+    window.close();
+  </script>
+</body>